Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":April 30, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
2101	6.5	警告 Network	Engineering Ingegneria Informatica	knowage	Engineering Ingegneria Informaticaのknowageにおけるサーバサイドのリクエストフォージェリの脆弱性	CWE-918 サーバサイドリクエストフォージェリ	CVE-2025-58441	2026-02-5 15:46	2026-01-7	Show	GitHub Exploit DB Packet Storm

2102	8.7	重要 Network	Ultimate Fosters	Ultimate POS	Ultimate FostersのUltimate POSにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2025-60503	2026-02-5 15:46	2025-11-3	Show	GitHub Exploit DB Packet Storm

2103	5.3	警告 Network	The Go Project	Go	The Go ProjectのGoにおける不特定の脆弱性	CWE-noinfo 情報不足	CVE-2025-61730	2026-02-5 15:46	2026-01-28	Show	GitHub Exploit DB Packet Storm

2104	4.3	警告 Network	webinarpress	webinarpress	WordPress用webinarpressにおける認証の欠如に関する脆弱性	CWE-862 認証の欠如	CVE-2025-62972	2026-02-5 15:45	2025-10-27	Show	GitHub Exploit DB Packet Storm

2105	7.5	重要 Network	oneflow	oneflow	oneflowにおけるリソースの枯渇に関する脆弱性	CWE-400 リソースの枯渇	CVE-2025-65886	2026-02-5 15:45	2026-01-28	Show	GitHub Exploit DB Packet Storm

2106	6.5	警告 Network	oneflow	oneflow	oneflowにおけるゼロ除算に関する脆弱性	CWE-369 ゼロ除算	CVE-2025-65887	2026-02-5 15:45	2026-01-28	Show	GitHub Exploit DB Packet Storm

2107	7.5	重要 Network	oneflow	oneflow	oneflowにおけるリソースの枯渇に関する脆弱性	CWE-400 リソースの枯渇	CVE-2025-65888	2026-02-5 15:45	2026-01-28	Show	GitHub Exploit DB Packet Storm

2108	7.5	重要 Network	oneflow	oneflow	oneflowにおけるリソースの枯渇に関する脆弱性	CWE-400 リソースの枯渇	CVE-2025-65889	2026-02-5 15:45	2026-01-28	Show	GitHub Exploit DB Packet Storm

2109	7.5	重要 Network	oneflow	oneflow	oneflowにおけるリソースの枯渇に関する脆弱性	CWE-400 リソースの枯渇	CVE-2025-65890	2026-02-5 15:45	2026-01-28	Show	GitHub Exploit DB Packet Storm

2110	7.5	重要 Network	oneflow	oneflow	oneflowにおけるリソースの枯渇に関する脆弱性	CWE-400 リソースの枯渇	CVE-2025-65891	2026-02-5 15:45	2026-01-28	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 1, 2026, 4:54 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
331	-		-	-	STIG Manager is an API and web client for managing Security Technical Implementation Guides (STIG) assessments of Information Systems. Versions 1.5.10 through 1.6.7 have a reflected Cross-Site Scrip… Update	CWE-79 Cross-site Scripting	CVE-2026-41200	2026-04-30 05:46	2026-04-23	Show	GitHub Exploit DB Packet Storm

332	7.8	HIGH Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Limit PTP to a single page Commit 391e69143d0a increased CT_PTP_NUM from 1 to 4 to support 256 playback streams, but… Update	NVD-CWE-noinfo	CVE-2026-31602	2026-04-30 05:16	2026-04-25	Show	GitHub Exploit DB Packet Storm

333	9.8	CRITICAL Network	-	-	radare2-mcp version 1.6.0 and earlier contains an os command injection vulnerability that allows remote attackers to execute arbitrary commands by bypassing the command filter through shell metachara… Update	CWE-78 OS Command	CVE-2026-6942	2026-04-30 05:16	2026-04-24	Show	GitHub Exploit DB Packet Storm

334	8.5	HIGH Network	socialengine	socialengine	SocialEngine versions 7.8.0 and prior contain a blind server-side request forgery vulnerability in the /core/link/preview endpoint where user-supplied input passed via the uri request parameter is no… Update	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-41461	2026-04-30 05:16	2026-04-24	Show	GitHub Exploit DB Packet Storm

335	9.8	CRITICAL Network	socialengine	socialengine	SocialEngine versions 7.8.0 and prior contain a SQL injection vulnerability in the /activity/index/get-memberall endpoint where user-supplied input passed via the text parameter is not sanitized befo… Update	CWE-89 SQL Injection	CVE-2026-41460	2026-04-30 05:16	2026-04-24	Show	GitHub Exploit DB Packet Storm

336	6.2	MEDIUM Local	apple	ipados iphone_os	A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.8 and iPadOS 18.7.8, iOS 26.4.2 and iPadOS 26.4.2. Notifications marked for deletion could be unexpectedly … Update	CWE-359 Exposure of Private Personal Information to an Unauthorized Actor	CVE-2026-28950	2026-04-30 05:16	2026-04-23	Show	GitHub Exploit DB Packet Storm

337	5.1	MEDIUM Local	-	-	EfficientLab Controlio before v1.3.95 contains a DLL hijacking vulnerability caused by weak folder permissions in the installation directory. A local attacker can place a specially crafted DLL in thi… Update	CWE-427 Uncontrolled Search Path Element	CVE-2025-10549	2026-04-30 05:16	2026-04-23	Show	GitHub Exploit DB Packet Storm

338	4.8	MEDIUM Network	-	-	Due to improper TLS certificate validation in the DeskTime Time Tracking App before version 1.3.674, attackers who can position themselves in the network path between the client and the DeskTime upda… New	CWE-295 CWE-296 CWE-494 Improper Certificate Validation Improper Following of a Certificate's Chain of Trust Download of Code Without Integrity Check	CVE-2025-10539	2026-04-30 05:16	2026-04-28	Show	GitHub Exploit DB Packet Storm

339	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: vfio/xe: Reorganize the init to decouple migration from reset Attempting to issue reset on VF devices that don't support migratio… Update	NVD-CWE-noinfo	CVE-2026-31601	2026-04-30 05:15	2026-04-25	Show	GitHub Exploit DB Packet Storm

340	7.5	HIGH Network	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: arm64: mm: Handle invalid large leaf mappings correctly It has been possible for a long time to mark ptes in the linear map as in… Update	CWE-476 NULL Pointer Dereference	CVE-2026-31600	2026-04-30 05:14	2026-04-25	Show	GitHub Exploit DB Packet Storm